Re: Postfix als SMTP-Client: Überprüfung der TLS-Zertifikate macht Probleme
Christoph Schulze <chr.schu@gmx.de> writes:
[...]
[...]
>> | Apr 25 20:39:53 localhost postfix/smtp[28979]: Unverified: subject_CN=smtp.1und1.de, issuer=Thawte Premium Server CA
>> `----
>
> [snip]
>
> Evtl. liegt es gar nicht an dir.
> Ich sag (bzw. schreib) nur: https://www.verisign.net/ ;)
Hm. Verisign ist ja immerhin eine bekannte Größe. Sind deren
Zertifikate tatsächlich nicht in Debians ca-certificates enthalten?
,----
| [16:29:38][niehaus@crystalline:~]$ apt-cache show ca-certificates
| Package: ca-certificates
| Priority: optional
| Section: misc
| Installed-Size: 560
| Maintainer: Fumitoshi UKAI <ukai@debian.or.jp>
| Architecture: all
| Version: 20070303
| Depends: openssl, debconf (>= 0.5) | debconf-2.0
| Filename: pool/main/c/ca-certificates/ca-certificates_20070303_all.deb
| Size: 97182
| MD5sum: bb33a371510956bc8bbe6366ba643148
| SHA1: a299c7ccfa1129ffb622146b1a2732d8cae1eeb0
| SHA256: ecef927c097fe08677c87799510f33efbf955f00120d74e347227731a1405f91
| Description: Common CA Certificates PEM files
| It includes the followings PEM files of CA certificates
| .
| * spi-inc.org certificate
| * db.debian.org certificate
| * debconf.org certificate
| * Mozilla builtin CA certificates
| * CACert.org certificates
| * Brazilian Government Certificate
| * Signet CA certificates
| * QuoVadis CA certificates
| .
| This is useful for any openssl applications to verify
| SSL connection.
| .
| Note that certificate authorities whose certificates are included in
| this package are not in any way audited for trustworthiness and RFC
| 3647 compliance, and that full responsibility to assess them rests
| with the user.
| Enhances: libssl0.9.8, openssl
| Tag: protocol::ssl, role::app-data, security::authentication
|
| [16:29:39][niehaus@crystalline:~]$
`----
Ich hätte das Verisingn-Dingens als "Mozilla builtin CA certificate"
eingestuft. Liege ich da so falsch?
Gruß,
Sebastian
Reply to: